A lot of organizations have suffered a DNS attack

Seventy-six percent of organizations in the USA and United Kingdom have suffered a DNS attack, with 49 percent experiencing one in the past 12 months, according to Cloudmark.

The most common DNS threats reported were DDoS (74 percent), DNS exfiltration (46 percent), DNS tunnelling (45 percent) and DNS hijacking (33 percent) by those who had suffered an attack.

Three hundred IT decision makers were polled across the USA and UK and, of those who reported suffering a DNS attack, more than half admitted to losing business critical data or revenue. An astounding third of respondents also confirmed they had lost confidential customer information. Despite these serious business implications, 44 percent of those who found it difficult to justify DNS security investment to their company felt it was because their senior management do not see DNS security as an issue and are, in fact, considered barriers to investment. This is in spite of more than half of the IT decision makers polled (55 percent) citing the theft of private or confidential data as a major concern to their organisation.

“The survey findings suggest that large organisations are not only inadequately protecting company intellectual property against DNS attacks but more needs to be done to help educate businesses on the methods used by DNS attackers,” said Neil Cook, CTO at Cloudmark.

“While DDoS threats continue to be a common method of attack to siphon off valuable resources, organisations need to review their security solutions to ensure they can protect against a multitude of other attacks including DNS exfiltration and DNS tunnelling, particularly in industries where high-value data is held, such as retail and financial industries. Once an organisation’s data is in the hands of cyber-criminals, the brand reputation, customers and ultimately revenue of that organisation can be severely affected.”

Additional findings from the research include:

Shockingly, in the USA, 66 percent of respondents have experienced a DNS attack in the past 12 months.

Of more concern, 23 percent of UK respondents admitted they did not know if their organisation had ever suffered a DNS attack.

Retail, distribution and transport firms reported the highest instance of DNS attacks of all vertical industries polled, with 74 percent suffering from an attack in the past 12 months. The industry also revealed itself as the biggest victim of DNS exfiltration attacks (56 percent), with financial services organisations a close second (51 percent) of those who had been victim to an attack.

Customer retention and brand reputation were the top concerns reported following a DNS attack.